Summaries are AI-assisted and may contain errors — always read the original. We link to every source and never republish full articles.
PrivacySignal Actionable intelligence for privacy, AI governance & digital regulation

Top Stories

Breach
SOFX · · International

Phone Scam Exposed MSG’s Internal Dossiers on Facial Recognition Critics

A phone scam inadvertently revealed that Madison Square Garden Entertainment maintains internal dossiers profiling individuals who have publicly criticized its facial recognition surveillance program, raising serious questions about how the company collects and retains personal data on critics and adversaries.

Why this matters: Organizations using biometric surveillance must ensure their associated data practices—including any profiling of critics—comply with applicable privacy laws, as exposure of such dossiers creates significant legal and reputational liability.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · Policy

#breach#surveillance#privacy Read original →
AI Governance
New York Times — Tech · · International

U.S. Loosens Restrictions on Anthropic’s Mythos A.I. Model

The move de-escalates a clash between the Trump administration and the company over its cutting-edge artificial intelligence systems.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →
Enforcement
The Guardian — Tech · · International

Whistleblower Sarah Wynn-Williams sues Meta over attempts to ‘silence’ her

Former Meta employee Sarah Wynn-Williams has filed a federal lawsuit in California alleging the company unlawfully suppressed her ability to promote her memoir through an interim arbitration order, while also accusing Meta of engaging in coercive surveillance against her.

Why this matters: The case raises critical intersections of employee surveillance, NDAs, arbitration enforceability, and First Amendment protections—outcomes could reshape how tech firms manage insider disclosures and monitor former staff.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity · General readers · Policy

#enforcement#surveillance#privacy Read original →
Healthcare
HIPAA Journal · · US Federal

Colorado Health Network; Kentucky Mountain Health Alliance Announce Data Breaches

Data security incidents have been announced by the Colorado Health Network and Kentucky Mountain Health Alliance. In both cases, only […]

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
HIPAA Journal · · US Federal

Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness

Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being […]

Who should care: Healthcare professionals · Privacy officers · Compliance · General readers · AI governance · Policy

#healthcare#ai Read original →
Breach
HIPAA Journal · · US Federal

Hillcrest Convalescent Center Settles Class Action Data Breach Litigation

Hillcrest Convalescent Center, a skilled nursing and short-term rehabilitation facility in Durham, North Carolina, has reached a class action settlement following a data breach that exposed patient information. The resolution signals legal accountability for healthcare entities that fail to adequately safeguard sensitive resident data.

Why this matters: Healthcare privacy officers and legal teams should treat this settlement as a reminder that inadequate data security at long-term care facilities can trigger costly class action exposure alongside HIPAA regulatory risk.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
AI Governance
Americans for Responsible Innovation · · International

CREATE AI Act Passes House Committee

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →
AI Governance
Politico — Tech · · International

House kids’ safety deal complicates AI talks

Keeping kids safe online has become the linchpin to getting an artificial intelligence bill done in Washington. The House and Senate can’t seem to agree on either.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →


AI & Society

News
BleepingComputer · · International

Clean GitHub repo tricks AI coding agents into running malware

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious payload that remains invisible to security scanners, AI agents, and human reviewers. [...]

Who should care: General readers · AI governance · Policy

#ai#security Read original →
News
Politico — Tech · · International

Tech industry grapples with Trump’s AI about-faces

Silicon Valley billionaires backed Trump due to fears that Democrats would overregulate AI. Now the White House is restricting the release of new AI models — and tech lobbyists are cautiously searching for answers.

Who should care: General readers · AI governance · Policy

News
The Virginian-Pilot · · International

Cartoon: AI Regulation

Who should care: Lawyers · Compliance · General readers · AI governance · Policy

#regulation#ai Read original →
News
The Guardian — Tech · · International

OpenAI staggers AI model release after Trump administration request

Sam Altman announces limited preview of GPT 5.6 in move that echoes launch of Anthropic’s Mythos. OpenAI is staggering the release of its latest AI model after a request from the US government, in a move echoing the launch of Anthropic’s Mythos product. The company behind ChatGPT signalled its dissatisfaction with the move, saying that doing so keeps the best AI tools from “users, developers, enterprises, cyber defenders, and global partners who need them”.

Who should care: General readers · AI governance · Policy

News
Schneier on Security · · International

AI and Liability

Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,” the court held that the AI’s summaries are reflections of the company and “above all an expression of Google’s business activities.” This is the latest skirmish in a decades-old battle over internet publishing. Historically, there were two different types of information distributors: carriers and publis…

Who should care: General readers · AI governance · Policy

Healthcare
EDPS · · EU

Newsletter Digest - news from the EDPS

The European Data Protection Supervisor has released a newsletter covering four priority areas shaping EU digital governance: the Digital Omnibus legislative debate, cross-border health data protection, AI safeguards for the EU Visa Application Platform chatbot, and transparency obligations around EU fund usage.

Why this matters: Privacy officers, healthcare teams, and AI-governance professionals should monitor these EDPS developments closely, as they signal upcoming regulatory expectations across health data flows, public-sector AI deployment, and digital policy reform.

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers · AI governance · General readers · Policy

#healthcare#gdpr#ai Read original →

AI Governance

AI Governance
OECD AI Policy Observatory · · International

Designing transparency for government AI: Insights from the UK’s Algorithmic Transparency Recording Standard initiative

The UK's Algorithmic Transparency Recording Standard (ATRS) establishes a structured framework requiring government bodies to disclose how algorithmic tools are used in public-sector decision-making, aiming to bolster accountability and citizen trust in state-deployed AI systems.

Why this matters: Professionals advising public-sector clients or shaping AI governance policies should treat ATRS as a benchmark for mandatory disclosure obligations and audit-readiness requirements.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →
AI Governance
The Guardian — Privacy · · International

Dynamic pay on platforms such as Uber should be banned, says TUC

The UK's Trades Union Congress is calling for a prohibition on algorithmic dynamic pay-setting on gig platforms like Uber, arguing the practice severs the link between effort and earnings and leaves workers unable to predict or understand their compensation.

Why this matters: AI-governance and employment law professionals should monitor this push, as a ban could establish precedents for algorithmic wage transparency obligations and reshape platform-worker classification frameworks.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →
AI Governance
MIT Technology Review — AI · · International

Three things to watch amid Anthropic’s latest feud with the government

Anthropic has become embroiled in a dispute with the US government following the April disclosure of an AI model called Mythos, raising questions about the boundaries between private AI development and federal oversight.

Why this matters: AI governance and legal professionals should monitor this case closely, as its outcome could shape regulatory expectations around mandatory government disclosure of advanced AI model development.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →
AI Governance
coe.int · · International

Advancing data protection and AI governance in the Southern Mediterranean region

The Council of Europe is driving efforts to strengthen data protection frameworks and AI governance standards across Southern Mediterranean countries, signaling a regional push to align with emerging international norms on responsible technology use.

Why this matters: Organizations operating in or expanding into Southern Mediterranean markets should monitor evolving compliance requirements, as new AI and data protection frameworks may introduce fresh legal obligations and cross-border data transfer considerations.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →
AI Governance
Politico — Tech · · International

House kids’ safety deal complicates AI talks

Keeping kids safe online has become the linchpin to getting an artificial intelligence bill done in Washington. The House and Senate can’t seem to agree on either.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →
AI Governance
New York Times — Tech · · International

U.S. Loosens Restrictions on Anthropic’s Mythos A.I. Model

The move de-escalates a clash between the Trump administration and the company over its cutting-edge artificial intelligence systems.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →
AI Governance
Krebs on Security · · International

Patch Tuesday, May 2026 Edition

Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai#security Read original →
AI Governance
OECD AI Policy Observatory · · International

The OECD AI Policy Toolkit: Better AI policies for better lives

OECD AI Policy Toolkit helps governments turn AI principles into action with practical guidance, policy examples and global insights.

Who should care: AI governance · Lawyers · Administrators · Compliance · General readers · Policy

#ai-governance#regulation#ai Read original →
AI Governance
The Guardian — Tech · · International

‘You can’t make billions without hurting people’: Cory Doctorow on Elon Musk, the AI bubble and bosses’ cruel fantasies

Author Cory Doctorow, who popularized the term 'enshittification,' argues in his new book that AI's primary appeal to executives lies in its capacity to subordinate workers to algorithmic control rather than genuinely augment human capability or deliver transformative productivity gains.

Why this matters: Governance and compliance teams should anticipate growing regulatory and reputational scrutiny around algorithmic management practices that erode worker autonomy and potentially violate labor rights frameworks.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →
AI Governance
MIT Technology Review — AI · · International

Why do South Koreans love AI so much?

South Korea has emerged as a notably high-adoption environment for AI-driven public infrastructure, with automated facial recognition deployed at immigration checkpoints and AI integrated into everyday transit systems, reflecting broad societal acceptance of the technology.

Why this matters: Professionals advising on AI governance or cross-border data flows should note South Korea's regulatory and cultural tolerance for biometric AI as a benchmark when assessing compliance obligations and deployment norms in Asia-Pacific markets.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy · Privacy officers

#ai-governance#ai#privacy Read original →

Healthcare Privacy

Healthcare
EDPS · · EU

Newsletter Digest - news from the EDPS

The European Data Protection Supervisor has released a newsletter covering four priority areas shaping EU digital governance: the Digital Omnibus legislative debate, cross-border health data protection, AI safeguards for the EU Visa Application Platform chatbot, and transparency obligations around EU fund usage.

Why this matters: Privacy officers, healthcare teams, and AI-governance professionals should monitor these EDPS developments closely, as they signal upcoming regulatory expectations across health data flows, public-sector AI deployment, and digital policy reform.

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers · AI governance · General readers · Policy

#healthcare#gdpr#ai Read original →
Healthcare
Atlantic Council · · International

Balancing openness and control: Cross-border health data and AI governance in China

The Atlantic Council has examined how China navigates the tension between enabling international data flows and maintaining strict regulatory control over health data and AI systems, highlighting the country's dual approach to fostering innovation while asserting sovereignty over sensitive information.

Why this matters: Professionals operating in or partnering with Chinese entities must understand this regulatory duality, as it directly affects cross-border data transfer compliance, AI deployment agreements, and health data governance strategies.

Who should care: Healthcare professionals · Privacy officers · Compliance · AI governance · Lawyers · Administrators · General readers · Policy

#healthcare#ai-governance#ai Read original →
Healthcare
The Guardian — Privacy · · International

Palantir’s access to identifiable NHS England patient data is ‘dangerous’, MPs say

Health service has given US tech firm ‘unlimited access’ to certain data to build integrated platform, according to reports. MPs have warned that an NHS decision to grant Palantir access to identifiable patient information in its plan to use AI to improve the health service is “dangerous” and will fuel public fears that data privacy is not being prioritised. NHS England has allowed staff from the US tech firm and other contractors to access patient data before it has been pseudonymised, despite internal fears of a “risk of loss of public confidence”, the Finan…

Who should care: Healthcare professionals · Privacy officers · Compliance · General readers · AI governance · Policy

#healthcare#ai Read original →
Healthcare
HIPAA Journal · · US Federal

Healthcare Report Highlights Growing Vendor Risk and Lack of Cyberattack Readiness

Cybersecurity risk is growing, and healthcare organizations are struggling to defend a rapidly increasing attack surface. AI tools are being […]

Who should care: Healthcare professionals · Privacy officers · Compliance · General readers · AI governance · Policy

#healthcare#ai Read original →
Healthcare
DataBreaches.net · · International

UK: Boy’s medical records may have been accessed inappropriately after crocodile attack at zoo

They could have — and should have — anticipated great curiosity about this particular patient’s medical records. Did they control access well enough? Emily Stevens reports: The medical records of a young boy who was attacked by a crocodile at a Cambridgeshire zoo were accessed by up to 40 members of staff. The incident took...

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
The Guardian — Privacy · · International

Shared NHS patient records could cut 20,000 A&E visits a year, ministers claim

Modernisation bill would require GPs and hospitals in England to share data, reducing errors and duplication. Sharing access to patients’ health data across NHS providers in England could result in 20,000 fewer A&E visits a year and save £20m annually, the government has claimed, before the second reading of the NHS modernisation bill on Monday. The bill, which would also abolish NHS England, sets out measures including single patient records (SPR) for every person receiving health and social care in England, requiring GPs and hospitals to securely share data as part of the government’s 10…

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
HIPAA Journal · · US Federal

Why You Don’t Need to Understand HIPAA to Make Your Small Practice HIPAA Compliant

A small practice owner who cannot define a Security Risk Analysis, has never read the HIPAA Security Rule, and does […]

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers

#healthcare#regulation Read original →
Healthcare
The Guardian — Privacy · · International

What is the UK Biobank project and what are the privacy concerns around it?

Volunteers’ data has enabled medical breakthroughs, but there are questions over how that data is protected. With the revelation that the confidential health records of half a million British volunteers have been put up for sale on a Chinese website, we take a look at what the UK Biobank project has achieved – and why concerns have been raised.

Who should care: Healthcare professionals · Privacy officers · Compliance

#healthcare Read original →
Healthcare
HIPAA Journal · · US Federal

HIPAA Security Rule Training for Business Associates

HIPAA Business Associates that create, receive, maintain, or transmit electronic Protected Health Information on behalf of HIPAA-covered entities are directly […]

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers

#healthcare#regulation Read original →

GDPR / International

GDPR / Intl
EDPS · · EU

Hired by an algorithm: Data protection and AI regulation in modern HR practices

A forthcoming conference co-organized with EDPB trainees, scheduled for 9 July, will examine the growing use of artificial intelligence in hiring and recruitment workflows and the data protection challenges these practices create under current regulatory frameworks.

Why this matters: HR, legal, and privacy teams should monitor developments from this event, as EDPB involvement signals potential guidance or enforcement priorities around AI-driven recruitment tools.

Who should care: Lawyers · Privacy officers · AI governance · Administrators · Compliance · General readers · Policy

#gdpr#ai-governance#regulation#ai#privacy Read original →
GDPR / Intl
IAPP · · International

A view from Brussels: A sneak peek into upcoming guidelines on GDPR, AI Act interplay

European regulators are preparing guidance that will clarify how the GDPR and the EU AI Act interact, offering organizations a clearer compliance framework where both regimes overlap. The forthcoming guidelines signal that data protection and AI governance obligations will need to be addressed in an integrated, rather than siloed, manner.

Why this matters: Privacy officers and AI governance teams should anticipate and begin reconciling dual compliance obligations before official guidelines release, as misalignment between GDPR and AI Act requirements could expose organizations to compounded regulatory risk.

Who should care: Lawyers · Privacy officers · AI governance · Administrators · General readers · Policy

#gdpr#ai-governance#ai Read original →
GDPR / Intl
OECD AI Policy Observatory · · International

Rethinking AI data: From scraping to sustainable and ethical data sharing

An OECD.AI initiative called VIADUCT is examining how the AI industry can move beyond indiscriminate web scraping toward structured, consent-based data-sharing frameworks that address copyright obligations, GDPR compliance, and equitable access to training datasets.

Why this matters: Privacy officers, legal counsel, and AI governance teams should monitor VIADUCT's emerging frameworks, as they may shape regulatory expectations and contractual standards for lawful AI training data procurement.

Who should care: Lawyers · Privacy officers · AI governance · Administrators · General readers · Policy

#gdpr#ai-governance#ai Read original →
GDPR / Intl
EDPB · · EU

EDPB gets a new look: discover the new website and brand identity

Brussels, 22 June - Since its establishment in 2018, the core mission of the EDPB has been to uphold and safeguard the right to data protection. Over the years, the EDPB has played a key role in ensuring the consistent application of the GDPR across Europe, by providing guidance on key GDPR concepts and the interaction of the GDPR with other digital laws, as well as through the adoption of consistency opinions and binding decisions. The EDPB is also committed to making GDPR compliance easier for organisations and enhancing its dialogue with stakeholders. The EDPB is glad to announce today the…

Who should care: Lawyers · Privacy officers · AI governance · Compliance · General readers · Policy

#gdpr#regulation#privacy Read original →
GDPR / Intl
DataBreaches.net · · International

UK: ICO statement on ‘Edtech examined’ report

The UK Information Commissioner’s Office (ICO) has released a report titled “EdTech examined — Key Findings from Our Audits.” The ICO issued the following statement to accompany the report’s release: Today, the ICO has published ‘Edtech examined’, a new report which outlines how we have worked directly with edtech providers to review and improve data protection practices...

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
GDPR / Intl
EDPS · · EU

Latest EDPS Newsletter out now

The European Data Protection Supervisor has released its latest newsletter, highlighting key supervisory activities including the 2025 Annual Report, guidance on AI use in an EU visa platform chatbot, contributions to the Digital Omnibus debate, and an upcoming conference examining AI applications in recruitment.

Why this matters: Privacy officers and AI-governance teams should monitor EDPS outputs closely, as its recommendations on public-sector AI tools and hiring algorithms often signal forthcoming regulatory expectations across EU institutions and member states.

Who should care: Lawyers · Privacy officers · AI governance · Administrators · General readers · Policy

#gdpr#ai-governance#ai Read original →
GDPR / Intl
EDPB · · EU

One-Stop-Shop case digest on right to object and right to erasure updated

Brussels, 25 June - The EDPB has published an update of the One-Stop-Shop (OSS) case digest on right to object and right to erasure. This project has been developed in the framework of the Support Pool of Experts programme, which aims to support cooperation among Data Protection Authorities (DPAs). Thematic one-stop-shop case digests are drafted on the basis of one-stop-shop decisions taken from the EDPB’s public register (based on Art.60 GDPR). Such case digests complement the EDPB's public register by selecting and presenting the most important decisions on a given theme and providin…

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →

Enforcement & Fines Tracker

Figures auto-extracted from headlines & excerpts — verify against the original source.

Data Breaches

Breach
HIPAA Journal · · US Federal

Okanogan Behavioral Healthcare Settles Class Action Data Breach Lawsuit

Okanogan Behavioral Healthcare, a Washington-based behavioral health services provider, has reached a settlement in a class action lawsuit stemming from a data breach affecting its patients. The resolution signals continued legal and financial exposure for smaller regional healthcare entities handling sensitive mental and behavioral health records.

Why this matters: Healthcare privacy officers and legal teams should note that behavioral health providers—often under-resourced—face significant class action liability following breaches, reinforcing the urgency of robust HIPAA-compliant security controls.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · Healthcare professionals

#breach#enforcement#healthcare Read original →
Breach
TicketNews · · International

MSG Data Breach Lawsuit Puts Dolan’s Facial Recognition/Data Fight in Spotlight

A lawsuit targeting Madison Square Garden over a data breach has drawn renewed attention to owner James Dolan's controversial use of facial recognition technology at MSG venues, raising questions about how biometric data is collected, stored, and protected in live entertainment settings.

Why this matters: Privacy officers and legal teams should monitor this case closely, as it may establish precedent on biometric data liability and breach notification obligations for venues deploying facial recognition systems.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · Policy

#breach#enforcement#surveillance#privacy Read original →
Breach
TechCrunch — Privacy · · International

Italian prosecutors confirm journalist was hacked with Paragon spyware

Italian prosecutors have confirmed that two journalists were targeted using Paragon spyware, advancing a broader national investigation into the tool's deployment. The identity of the party or parties who authorized the surveillance remains officially unresolved.

Why this matters: This case signals growing regulatory and prosecutorial scrutiny of commercial spyware vendors, with direct implications for organizations advising on lawful surveillance boundaries, press freedom protections, and device security posture.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement#surveillance Read original →
Breach
EDPB · · EU

EDPB meets with EU Commissioner McGrath and adopts common data breach notification template

At its June plenary, the EDPB held strategic discussions with Commissioner McGrath on shared regulatory priorities, including concerns around the Digital Omnibus package, while also formally adopting a harmonised data breach notification template across EU member states.

Why this matters: A standardised breach notification template will streamline compliance obligations for DPOs and legal teams operating across multiple EU jurisdictions, reducing inconsistency and administrative burden.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · AI governance · Compliance

#breach#gdpr#regulation Read original →
Breach
IAPP · · International

Why data mining is functionally required after a HIPAA breach

Following a HIPAA breach, organizations face a practical obligation to conduct thorough data mining to identify exactly what protected health information was compromised, who is affected, and the full scope of exposure—steps necessary to meet regulatory notification and remediation requirements.

Why this matters: Healthcare privacy officers and legal teams must treat post-breach data mining not as optional due diligence but as an operational necessity to satisfy HIPAA's breach notification rule and limit regulatory liability.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
Breach
The Guardian — Privacy · · International

UK Biobank has my data, but I’m not worried. I know the benefits are too great to consider pulling out | Polly Toynbee

A commentator publicly defends continued participation in UK Biobank after reports emerged that its research dataset was listed for sale on China's Alibaba platform, with the UK Science Minister warning of further attempted data sales. The author argues the long-term public health benefits of longitudinal cohort studies outweigh the associated risks.

Why this matters: Privacy officers and governance teams should assess whether existing consent frameworks, data-sharing agreements, and cross-border transfer controls adequately address unauthorized third-party commercialization of biobank research data.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
Breach
FTC Consumer Protection · · US Federal

FTC Gives Final Approval to Order Against Illuminate Settling Allegations It Failed to Secure Students’ Personal Data

The FTC has finalized a settlement order against Illuminate Education, an edtech firm whose inadequate security controls resulted in a significant breach exposing millions of students' personal data. The binding order mandates a formal data security program, restricts unnecessary data collection, and requires deletion of data no longer needed.

Why this matters: Organizations handling sensitive student data face heightened FTC scrutiny; this order signals that unmet security representations and poor data minimization practices will draw enforcement action with operational remediation requirements.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement Read original →
Breach
EDPS · · EU

Managing Shadow AI’s Hidden Data Breach Risk

Mon, 06/15/2026. The use of unauthorised AI tools that can expose personal data, create regulatory blind spots, and open security vulnerabilities. Read blogpost by Wojciech Wiewiórowski

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance · General readers · AI governance · Policy

#breach#regulation#ai#security Read original →

Enforcement Actions

Enforcement
The Guardian — Privacy · · International

UK information commissioner steps back amid workplace investigation

UK Information Commissioner John Edwards has temporarily recused himself from his role while the ICO conducts an independent inquiry into undisclosed internal HR matters. Edwards confirmed his cooperation with the investigation via a LinkedIn statement, leaving the data protection regulator without its principal figurehead during the probe.

Why this matters: Leadership instability at the ICO could affect the pace and consistency of regulatory decisions, enforcement actions, and guidance relevant to privacy, AI governance, and data protection compliance across sectors.

Who should care: Lawyers · Privacy officers · Compliance · AI governance · General readers · Policy

#enforcement#gdpr#regulation#privacy Read original →
Enforcement
News4JAX · · International

Fort Myers man sues Jax Beach police, JSO after AI facial recognition leads to wrongful arrest, lawsuit says

A Fort Myers man has filed a lawsuit against Jacksonville Beach police and the Jacksonville Sheriff's Office, alleging that AI-powered facial recognition technology misidentified him and resulted in a wrongful arrest. The case highlights ongoing concerns about the reliability and civil rights implications of law enforcement's use of automated identification systems.

Why this matters: This litigation signals growing legal exposure for agencies deploying facial recognition, reinforcing the need for legal and governance teams to audit AI tool accuracy, bias risks, and civil liability frameworks before deployment.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity · General readers · AI governance · Policy

#enforcement#surveillance#ai#privacy Read original →
Enforcement
Privacy Commissioner of Canada · · Canada

News release: Privacy Commissioner of Canada investigation into the Grok chatbot and sexualized deepfakes finds companies violated privacy law

Canada's Privacy Commissioner concluded an investigation finding that the companies behind the Grok chatbot violated Canadian privacy law in connection with the generation of sexualized deepfake content, marking a significant regulatory enforcement action in the AI-generated imagery space.

Why this matters: Privacy and AI-governance teams should note this signals active regulatory scrutiny of generative AI platforms under existing privacy frameworks, with potential liability implications for companies deploying similar tools.

Who should care: Lawyers · Privacy officers · Compliance · General readers · AI governance · Policy

#enforcement#ai#privacy Read original →
Enforcement
CNIL · · EU / France

Health data: fine of 5 million euros against IQVIA

France's data protection authority, the CNIL, has imposed a €5 million fine on IQVIA, a global health data analytics company, for violations related to the processing of health data. The penalty reflects serious regulatory concerns about how sensitive medical information was handled by the firm.

Why this matters: This enforcement action signals that health data aggregators and analytics vendors face substantial GDPR liability, prompting privacy officers and legal teams to urgently reassess third-party data processing agreements and consent frameworks.

Who should care: Lawyers · Privacy officers · Compliance · Healthcare professionals

#enforcement#healthcare Read original →
Enforcement
EDPB · · EU

Supporting GDPR consistency: EDPB launches dedicated form

Brussels, 24 June – The EDPB has launched a dedicated contact form for stakeholders to report possible inconsistencies in how the GDPR is interpreted across Europe. This initiative reflects the commitments set out in the EDPB Helsinki Statement on enhanced clarity, support and engagement, aimed at strengthening the dialogue with stakeholders and ensuring consistent GDPR enforcement across Europe. The new tool enables stakeholders to report alleged divergences between national positions, as well as between national positions and those of the EDPB. The EDPB will not respond to individual submis…

Who should care: Lawyers · Privacy officers · Compliance · AI governance

#enforcement#gdpr Read original →
Enforcement
Data Protection Commission · · EU / Ireland

Fines

Who should care: Lawyers · Privacy officers · Compliance · General readers · Policy

#enforcement#privacy Read original →
Enforcement
FTC Consumer Protection · · US Federal

FTC Begins Enforcing the TAKE IT DOWN Act

The Federal Trade Commission today began enforcing the TAKE IT DOWN Act (TIDA), a law requiring platforms, at the request of victims, to remove intimate photos or videos shared online without victims’ consent. As part of its enforcement role, the FTC has launched TakeItDown.ftc.gov, a website allowing victims and survivors to submit complaints about platforms that have failed to act on valid requests for the removal of nonconsensual intimate images. The website also accepts complaints about platforms that have failed to create a process for people to request removal of these images. “Thanks t…

Who should care: Lawyers · Privacy officers · Compliance · General readers · Policy

#enforcement#privacy Read original →
Enforcement
The Guardian — Tech · · International

Whistleblower Sarah Wynn-Williams sues Meta over attempts to ‘silence’ her

Former Meta employee Sarah Wynn-Williams has filed a federal lawsuit in California alleging the company unlawfully suppressed her ability to promote her memoir through an interim arbitration order, while also accusing Meta of engaging in coercive surveillance against her.

Why this matters: The case raises critical intersections of employee surveillance, NDAs, arbitration enforceability, and First Amendment protections—outcomes could reshape how tech firms manage insider disclosures and monitor former staff.

Who should care: Lawyers · Privacy officers · Compliance · Cybersecurity · General readers · Policy

#enforcement#surveillance#privacy Read original →

Under the Radar

Healthcare
EDPS · · EU

Newsletter Digest - news from the EDPS

The European Data Protection Supervisor has released a newsletter covering four priority areas shaping EU digital governance: the Digital Omnibus legislative debate, cross-border health data protection, AI safeguards for the EU Visa Application Platform chatbot, and transparency obligations around EU fund usage.

Why this matters: Privacy officers, healthcare teams, and AI-governance professionals should monitor these EDPS developments closely, as they signal upcoming regulatory expectations across health data flows, public-sector AI deployment, and digital policy reform.

Who should care: Healthcare professionals · Privacy officers · Compliance · Lawyers · AI governance · General readers · Policy

#healthcare#gdpr#ai Read original →
GDPR / Intl
EDPB · · EU

One-Stop-Shop case digest on right to object and right to erasure updated

Brussels, 25 June - The EDPB has published an update of the One-Stop-Shop (OSS) case digest on right to object and right to erasure. This project has been developed in the framework of the Support Pool of Experts programme, which aims to support cooperation among Data Protection Authorities (DPAs). Thematic one-stop-shop case digests are drafted on the basis of one-stop-shop decisions taken from the EDPB’s public register (based on Art.60 GDPR). Such case digests complement the EDPB's public register by selecting and presenting the most important decisions on a given theme and providin…

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy

#gdpr#privacy Read original →
AI Governance
OECD AI Policy Observatory · · International

AI for inclusive and resilient agri-food systems: Potential ways forward

AI can strengthen food security, resilience and sustainability in agriculture. Explore key challenges and opportunities for agri-food systems.

Who should care: AI governance · Lawyers · Administrators · General readers · Policy

#ai-governance#ai Read original →
GDPR / Intl
EDPS · · EU

Espresso with the EDPS: AI Literacy

Tue, 06/23/2026. What does it mean to be AI literate? And why does it matter for all of us? The first episode of our new video series "Espresso with the EDPS" by Secretary General, is now live! Watch it

Who should care: Lawyers · Privacy officers · AI governance · General readers · Policy